diff options
| author | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2016-09-10 19:12:46 +0000 |
|---|---|---|
| committer | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2016-09-10 19:12:46 +0000 |
| commit | 93c4cb8ffab8bd76fa95545777d0bb1beae23e55 (patch) | |
| tree | 7b033193d5d5cf6fd4c98fd047da2ae7866c192d | |
| parent | 26889a1b940dfafe6d3673e2ef8446c4dcdf97f8 (diff) | |
| download | neon-93c4cb8ffab8bd76fa95545777d0bb1beae23e55.tar.gz | |
* src/ne_md5.h: Allow ne_md5_create_ctx to return NULL.
* src/ne_auth.c (auth_register): Disable Digest support without MD5 support.
* test/auth.c (make_digest): Don't crash in above case.
* test/util-tests.c (digest_md5, md5_alignment): Likewise.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1970 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| -rw-r--r-- | src/ne_auth.c | 12 | ||||
| -rw-r--r-- | src/ne_md5.h | 4 | ||||
| -rw-r--r-- | test/auth.c | 1 | ||||
| -rw-r--r-- | test/util-tests.c | 6 |
4 files changed, 21 insertions, 2 deletions
diff --git a/src/ne_auth.c b/src/ne_auth.c index 48a0cb5..96f34d3 100644 --- a/src/ne_auth.c +++ b/src/ne_auth.c @@ -1616,6 +1616,18 @@ static void auth_register(ne_session *sess, int isproxy, unsigned protomask, protomask |= NE_AUTH_GSSAPI_ONLY | NE_AUTH_SSPI; } + if (protomask | NE_AUTH_DIGEST) { + struct ne_md5_ctx *ctx = ne_md5_create_ctx(); + + if (ctx) { + ne_md5_destroy_ctx(ctx); + } + else { + NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Disabling Digest support without MD5.\n"); + protomask &= ~NE_AUTH_DIGEST; + } + } + ahs = ne_get_session_private(sess, id); if (ahs == NULL) { ahs = ne_calloc(sizeof *ahs); diff --git a/src/ne_md5.h b/src/ne_md5.h index 9a625bc..cb850bf 100644 --- a/src/ne_md5.h +++ b/src/ne_md5.h @@ -34,7 +34,9 @@ NE_BEGIN_DECLS */ struct ne_md5_ctx; -/* Create structure containing state of computation. */ +/* Create structure containing state of computation. Can return NULL + * if the MD5 algorithm is prohibited (such as FIPS-enabled + * systems). */ extern struct ne_md5_ctx *ne_md5_create_ctx(void); /* Starting with the result of former calls of this function (or the diff --git a/test/auth.c b/test/auth.c index 692c37b..050b046 100644 --- a/test/auth.c +++ b/test/auth.c @@ -418,6 +418,7 @@ static void make_digest(struct digest_state *state, struct digest_parms *parms, /* H(A1) */ ctx = ne_md5_create_ctx(); + if (!ctx) return; ne_md5_process_bytes(state->username, strlen(state->username), ctx); ne_md5_process_bytes(":", 1, ctx); ne_md5_process_bytes(state->realm, strlen(state->realm), ctx); diff --git a/test/util-tests.c b/test/util-tests.c index 95e4c74..ee8aebb 100644 --- a/test/util-tests.c +++ b/test/util-tests.c @@ -101,13 +101,16 @@ static int status_lines(void) } /* Write MD5 of 'len' bytes of 'str' to 'digest' */ -static unsigned char *digest_md5(const char *data, size_t len, +static const unsigned char *digest_md5(const char *data, size_t len, unsigned int digest[4]) { struct ne_md5_ctx *ctx; #define CHUNK 100 ctx = ne_md5_create_ctx(); + if (!ctx) { + return (unsigned char *)"NO-MD5-SUPPORT"; + } /* exercise the buffering interface */ while (len > CHUNK) { ne_md5_process_bytes(data, CHUNK, ctx); @@ -154,6 +157,7 @@ static int md5_alignment(void) * the process_bytes function would SIGBUS if the buffer argument * isn't 32-bit aligned. Won't trigger on x86 though. */ ctx = ne_md5_create_ctx(); + ONN("could not create MD5 context", ctx == NULL); ne_md5_process_bytes(bb + 1, 65, ctx); ne_md5_destroy_ctx(ctx); ne_free(bb); |